Skip to content
Search

Latest Stories

Cybercriminal mega-leak spills 1.3 billion passwords and 2 billion email addresses

The cache includes data linked to major email platforms such as Gmail, Hotmail, Outlook and Yahoo

data breach

The dataset was identified by Have I Been Pwned (HIBP)

iStock
Gayathri Kallukaran
By Gayathri KallukaranNov 18, 2025
Gayathri Kallukaran
Gayathri Kallukaran is a Junior Journalist with Eastern Eye. She has a Master’s degree in Journalism and Mass Communication from St. Paul’s College, Bengaluru, and brings over five years of experience in content creation, including two years in digital journalism. She covers stories across culture, lifestyle, travel, health, and technology, with a creative yet fact-driven approach to reporting. Known for her sensitivity towards human interest narratives, Gayathri’s storytelling often aims to inform, inspire, and empower. Her journey began as a layout designer and reporter for her college’s daily newsletter, where she also contributed short films and editorial features. Since then, she has worked with platforms like FWD Media, Pepper Content, and Petrons.com, where several of her interviews and features have gained spotlight recognition. Fluent in English, Malayalam, Tamil, and Hindi, she writes in English and Malayalam, continuing to explore inclusive, people-focused storytelling in the digital space.
See Full Bio
Follow:

Highlights

  • One of the largest password breaches ever recorded exposes 1.3 billion passwords and 2 billion email addresses.
  • Data originates from devices infected with “infostealer” malware used by cybercriminals.
  • Email services including Gmail, Hotmail, Outlook and Yahoo are affected.
  • Security experts urge anyone caught in the breach to change their passwords immediately.

Scale of the breach

A historic data leak has exposed an estimated 1.3 billion passwords and 2 billion email addresses, creating one of the most extensive breaches ever verified. The dataset was identified by Have I Been Pwned (HIBP), a service that alerts users when their information appears in compromised databases.

The cache includes data linked to major email platforms such as Gmail, Hotmail, Outlook and Yahoo. HIBP chief executive Troy Hunt said the scale of the breach is “nearly three times” larger than the previous biggest dataset loaded into the service. He also confirmed that 625 million of the passwords had never been seen in a breach before.

How the data was stolen

The information was harvested from systems infected with infostealer malware. These malicious tools scan devices for stored credentials and cookies, capturing login details before sending them back to cybercriminals. Portions of the stolen data – known as stealer logs – were later leaked on widely accessible platforms including messaging channels and public forums.

The incident follows another major breach less than a month earlier, which exposed 183 million account records.

Immediate steps for affected users

HIBP is urging anyone whose details appear in the breach to change their passwords without delay. Users can check their email addresses and passwords through the service’s lookup tools.

Strong passwords, experts say, avoid personal details, predictable patterns or references from popular culture. Unusual phrases, memorable punctuation and complex combinations are recommended to improve security.

How to check if you were affected

HIBP allows users to enter an email address to see if it appears in any known breaches. Those who create an account can also view a dashboard showing any instances where their information appears in stealer logs. A separate HIBP tool can confirm whether a specific password has been included in a past breach.

How cybercriminals steal login details

Malware such as spyware and keyloggers are among the most common tools for stealing credentials, quietly recording keystrokes or scraping stored data. These attacks are frequently combined with other methods including phishing and credential-stuffing campaigns.

The latest breach underscores the growing sophistication of cybercriminal networks and the vast amount of sensitive data now circulating on the open web. For millions of users, updating passwords remains the most immediate defence.

cybercriminalsgmailoutlookpassword breachesyahoodata breach

Related News

Is India turning into world’s AI classroom?
Column

Is India turning into world’s AI classroom?

Beyond electricity bills: Hidden ways UK homes can take charge of energy use
Tech

Beyond electricity bills: Hidden ways UK homes can take charge of energy use

More For You

Anthropic OpenAI London

Both companies currently employ around 200 people each in London, meaning both are planning significant headcount growth

iStock

Inside Anthropic and OpenAI's push to make London their next big base

Highlights

  • Anthropic plans office space for 800 people against OpenAI's 500.
  • Both companies currently employ around 200 people each in London.
  • Anthropic's expansion follows a UK government campaign to court the company after its Pentagon dispute.
Two of the world's most powerful artificial intelligence companies have announced major London expansions within days of each other, in a development that underlines Britain's growing pull on the global AI industry.

Anthropic, the maker of the Claude AI chatbot, stated that it is expanding its London presence with new office space large enough to accommodate 800 people.

The announcement came just days after rival OpenAI, the maker of ChatGPT, unveiled plans for its first permanent London office with capacity for over 500 team members.

Keep ReadingShow less